diff options
| author |  Johannes Schindelin <johannes.schindelin@gmx.de> | 2020-06-04 20:08:29 +0000 |
|---|---|---|
| committer |  Junio C Hamano <gitster@pobox.com> | 2020-06-04 13:20:21 -0700 |
| commit | 46da295a77066994a663a47dc044f6c6fe582d26 (patch) | |
| tree | f4b2161e2e1a58b54b68414ce556aede8a7e8832 /t | |
| parent | Git 2.26 (diff) | |
| download | tgif-46da295a77066994a663a47dc044f6c6fe582d26.tar.xz | |
clone/fetch: anonymize URLs in the reflog
Even if we strongly discourage putting credentials into the URLs passed
via the command-line, there _is_ support for that, and users _do_ do
that.
Let's scrub them before writing them to the reflog.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't')
| -rwxr-xr-x | t/t5541-http-push-smart.sh | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/t/t5541-http-push-smart.sh b/t/t5541-http-push-smart.sh index 23be8ce92d..2d60381a5e 100755 --- a/t/t5541-http-push-smart.sh +++ b/t/t5541-http-push-smart.sh @@ -456,6 +456,21 @@ test_expect_success 'push status output scrubs password' ' grep "^To $HTTPD_URL/smart/test_repo.git" status ' +test_expect_success 'clone/fetch scrubs password from reflogs' ' + cd "$ROOT_PATH" && + git clone "$HTTPD_URL_USER_PASS/smart/test_repo.git" \ + reflog-test && + cd reflog-test && + test_commit prepare-for-force-fetch && + git switch -c away && + git fetch "$HTTPD_URL_USER_PASS/smart/test_repo.git" \ + +master:master && + # should have been scrubbed down to vanilla URL + git log -g master >reflog && + grep "$HTTPD_URL" reflog && + ! grep "$HTTPD_URL_USER_PASS" reflog +' + test_expect_success 'colorize errors/hints' ' cd "$ROOT_PATH"/test_repo_clone && test_must_fail git -c color.transport=always -c color.advice=always \ |